[Slackbuilds-users] Advice needed: no libpng14.la

Habs gen-bch at useyouresp.org.uk
Mon Aug 21 18:12:14 UTC 2017

On Mon, 21 Aug 2017 19:07:30 +0200
Didier Spaier <didier at slint.fr> wrote:

Sorry for the general chit-chat type thing here from me and apologies
about not specifically related to libpng, but this caught my eye and I
couldn't help but muse about it...

> I don't have the answer, but will take this opportunity for a warning
> to users of packages depending on webkitgtk2, directly or indirectly.
> Having read this blog post:
> https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/
> I assume that all software that depend on a version at risk according
> to the most recent security advisory published on
> https://webkitgtk.org/security.html
> are also at risk.
> Today that would mean that version 2.16.6 should be used instead
> of 2.4.11 (the default in SBo).
> Admittedly the risk level is not the same for all software that depend
> on webkitgtk2, as explained by  Michael Catanzaro, and maybe one

I think its time for me to retire...this did my head in ;-)

from the blog link above (no criticism of the author):
".. WebKit2 has been around for Mac and iOS for longer, but the first
stable release for WebKitGTK+ was the appropriately-versioned
WebKitGTK+ 2.0, in March 2013. This release actually contained three
different APIs: webkitgtk-1.0, webkitgtk-3.0, and webkit2gtk-3.0.
webkitgtk-1.0 was the original API, used by GTK+ 2 applications.
webkitgtk-3.0 was the same thing for GTK+ 3 applications, and
webkit2gtk-3.0 was the new WebKit2 API, available only for GTK+ 3

So on SBo there are 3 'webkits':  webkitgtk  webkit2gtk and
webkitgtk3.  There are only a few apps that use webkitgtk I believe -
at least that I use (e.g. gnucash).

As an aside, I thought Midori uses webkitgtk3 (by specific enable).

Any way,  are any of these 'safe' having read this without regular
update. I have for a while been of the belief that webkitgtk should not
be used - and webkit2gtk used instead and webkitgtk3 if poss.  I have
never been too sure why.

It takes an age to compile webkit (any of them) unless blessed with
some processing power and even then I can imagine it takes a while.

It is the sort of thing where by if there were a trusted resource
lastest release type thind - precompiled - I might use it.  So far I
still compile.

I cant help feeling Webkit is a [polite] mess! :-)  An although that
blog piece is a year ago or so,  has anything changed I wonder.

Perhaps I am being too paranoid - but it did make me take notice.


More information about the SlackBuilds-users mailing list